Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

Configuration

Required

Default

Type

Description

tia.destinations.saphttp.host

(tick)

 

String

Hostname of the server with the content server

tia.destinations.saphttp.port

(tick)

 

Integer

Port of the content server usually 80 or 443

tia.destinations.saphttp.protocol

 

https

String

Protocol of the content server http or https

tia.destinations.saphttp.path

 

/contentserver

String

Context Path of the server usually /contentserver

tia.repositoryinstancemapping

tia Viewer maps repositories to instance default, that are not explicitly mapped here.

List<String>

Relevant in CSV configuration, seehttps://kgs-software.atlassian.net/wiki/spaces/WIKI/pages/3246620679/Supported+Scenarios+Vc#Content-Server-Viewer-(CSV).

This parameter allows to map repositories to instances that can be configured separately. For more information see Instance settings .

Example in YAML configuration file:

tia:
  repositoryinstancemapping:
    - FI: finance
    - HR: finance
    - TR: default
    - ZI: production

tia.overlay.isNoteEnabled

 

false

Boolean

Default setting when the request for print does not contain any information whether to include the notes or not.

tia.overlay.isAnnotationEnabled

 

false

Boolean

Default setting when the request for print does not contain any information whether to include the annotations or not.

tia.secKey

 ❗

ABC123

String

This default is not intended for production use: Change this value

tia.stamps.locations

 

 

String

Default stamps available to all instances, additional to the instance specific configured values.

Stamp files are supported in the following formats:
JPEG, PNG, BMP, GIF

Configuration allows to enter a folder e.g.:

file:///tmp/stamps/

one or more files:

"file:///tmp/stamps/accept.png, /tmp/stamps_new/declined.jpg"

tia.stamps.cacheSize

 

100

Integer

Max size of cache entries, i.e. one stamp file is one entry. If more stamps are present, the oldest ones are removed from cache.

tia.stamps.expireMinutes

 

10

Integer

Lifetime of unused entries in stamp cache in minutes.

tia.stamps.maxFileSize

 

10000000

Integer

Max file size in bytes of each stamp file.

tia.mail.view_mode

 

Popup

String (Enum)

How emails are displayed and edited. Available values:

Popup (new window/tab is opened),

Embedded (in current window/tab)

tia.security.csp.policy

default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-src 'self'; object-src 'self'; media-src 'self'; frame-ancestors 'self'; form-action 'self'; base-uri 'self'; manifest-src 'self'; worker-src 'self'; report-uri /csp-report-endpoint;

String

Content Security Policy. Secure against various atacks like XSS, Injection and more. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

tia.security.cors.allowed-origins

http(s)://localhost:<port>

String

CORS Header: Access-Control-Allowed-Origin. The Browser Accepts resources from the allowed origin. In the default, it will be created from:

${server.ssl.enabled:false} → if true, https

${server.address}

${server.port}

Can be directly overwritten with

tia.security.cors.allowed-origins:

Allowed values are:

  • * ( Asterisk - from everywhere)

  • <origin> (one absolute URL)

Example:

tia.security.cors.allowed-origins: "*"

tia.security.cors.allowed-methods

List<String>

CORS Header: Access-Control-Allowed-Methods. The methods that are allowed by the browser to be used to access resources. See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods

Allowed values are:

  • * (Asterisk - all Methods)

  • List<String> (String list, comma seperated)

Examples:

tia.security.cors.allowed-methods: "*"
tia.security.cors.allowed-methods: "GET, PUT, DELETE"

tia.security.cors.allowed-headers

Access-Control-Allow-Headers, Access-Control-Allow-Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin, Cache-Control, Content-Type, Authorization

List<String>

CORS Header: Access-Control-Allowed-Headers.

The Headers, that are allowed by the browser. See:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers

Allowed values are:

  • *(Asterisk - all Headers)

  • List<String> (String list, comma seperated)

Example:

tia.security.cors.allowed-headers: "*"

tia.security.cors.allow-credentials

true

Boolean

CORS Header: Access-Control-Allow-Credentials.

Tell the browser, whether it allowes cross-origin request credentials or not (credentials may be in cookies etc.)

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials

Example:

tia.security.cors.allowe-credentials: false

tia.security.cors.allow-x-frame-options-from

DENY

String(Enum)

CORS Header: X-Frame-Options.

Tells the browser if it accept the content of the viewer when its embedded in an IFrame.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Hint: This flag is obsolete when using CSP 

frame-ancestor

Allowed values are:

  • * (Allow from everywhere)

  • DENY

  • SAMEORIGIN

  • ALLOW-FROM XXXXXX (http-address [origin])

Example:

tia.security.cors.allow-x-frame-options-from: "*"

tia.security.xss.mode

disabled

String (Enum)

Cross-Site Protection Header.

Should not be set in Production.

See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection

Allowed values are:

  • block mode

  • block

  • disabled

Example:

tia.security.xss.mode: block-mode

  • No labels